authorAlice Frosi <afrosi@redhat.com>2023-01-16 09:52:20 +0100
committerAlice Frosi <afrosi@redhat.com>2023-01-16 10:27:18 +0100
commit9b2dd57a6e6ba4faae483efac8e4a43daba8155f (patch)
treec804194b6d8c3e4f45252e58e98342ddcdc6797d /eater.c
parentab28b379df691ac040629273b03cd2fe3b6343fb (diff)
Rename loader to eater
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Diffstat (limited to 'eater.c')
-rw-r--r--eater.c94
1 files changed, 94 insertions, 0 deletions
diff --git a/eater.c b/eater.c
new file mode 100644
index 0000000..a7a6b5f
--- /dev/null
+++ b/eater.c
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+/* SEITAN - Syscall Expressive Interpreter, Transformer and Notifier
+ *
+ * eater.c - Load BPF program and execute binary
+ *
+ * Copyright (c) 2022 Red Hat GmbH
+ * Author: Stefano Brivio <sbrivio@redhat.com>
+ */
+
+#define _GNU_SOURCE
+#include <errno.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/prctl.h>
+#include <sys/syscall.h>
+#include <sys/socket.h>
+
+#include <linux/audit.h>
+#include <linux/filter.h>
+#include <linux/seccomp.h>
+
+extern char **environ;
+
+static char *qemu_names[] = {
+ "kvm",
+ "qemu-kvm",
+#ifdef ARCH
+ ( "qemu-system-" ARCH ),
+#endif
+ "/usr/libexec/qemu-kvm",
+ NULL,
+};
+
+/**
+ * usage() - Print usage and exit
+ */
+void usage(void)
+{
+ fprintf(stderr, "Usage: seitan-eater [QEMU_ARG]...\n");
+ fprintf(stderr, "\n");
+
+ exit(EXIT_FAILURE);
+}
+
+static int seccomp(unsigned int operation, unsigned int flags, void *args)
+{
+ return syscall(__NR_seccomp, operation, flags, args);
+}
+
+/**
+ * main() - Entry point
+ * @argc: Argument count
+ * @argv: qemu arguments
+ *
+ * Return: 0 once interrupted, non-zero on failure
+ */
+int main(int argc, char **argv)
+{
+ int fd = open("bpf.out", O_CLOEXEC | O_RDONLY);
+ struct sock_filter filter[1024];
+ struct sock_fprog prog;
+ char **name;
+ size_t n;
+
+ (void)argc;
+
+ n = read(fd, filter, sizeof(filter));
+ close(fd);
+
+ prog.filter = filter;
+ prog.len = (unsigned short)(n / sizeof(filter[0]));
+ prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ fd = seccomp(SECCOMP_SET_MODE_FILTER,
+ SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
+
+ connect(0, NULL, 0); /* Wait for seitan to unblock this */
+
+ for (name = qemu_names; *name; name++) {
+ argv[0] = *name;
+ execvpe(*name, argv, environ);
+ if (errno != ENOENT) {
+ perror("execvpe");
+ usage();
+ }
+ }
+
+ perror("execvpe");
+ return EXIT_FAILURE;
+}
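Review bot: main() fails open — none of open(), read(), prctl() or seccomp() on lines `int fd = open("bpf.out", ...)` through `fd = seccomp(SECCOMP_SET_MODE_FILTER, ...)` are checked, so a missing or unreadable bpf.out, or a seccomp() rejection of the program, still falls through to the execvpe() loop and launches qemu with no filter installed. Because `n` is a size_t, a failed read() (-1) becomes SIZE_MAX and `prog.len` is the truncated `(unsigned short)(SIZE_MAX / 8)` over an uninitialised `filter[]`, which is what the kernel would then be asked to load. The length should also be rejected when it is not a whole number of `struct sock_filter`, and each failure should exit before the exec rather than continue. A rewrite of the setup sequence with those checks follows; the connect() wait and the execvpe() loop are unchanged.
```c
	int fd = open("bpf.out", O_CLOEXEC | O_RDONLY);
	/* … unchanged: filter, prog, name declarations … */
	ssize_t got;

	if (fd < 0) {
		perror("open bpf.out");
		return EXIT_FAILURE;
	}

	got = read(fd, filter, sizeof(filter));
	close(fd);
	/* Refuse an empty, failed or partial-instruction read: never install garbage */
	if (got <= 0 || (size_t)got % sizeof(filter[0])) {
		fprintf(stderr, "bpf.out: short or invalid read\n");
		return EXIT_FAILURE;
	}

	prog.filter = filter;
	prog.len = (unsigned short)((size_t)got / sizeof(filter[0]));

	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
		perror("prctl(PR_SET_NO_NEW_PRIVS)");
		return EXIT_FAILURE;
	}
	fd = seccomp(SECCOMP_SET_MODE_FILTER,
		     SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
	if (fd < 0) {
		/* Do not exec qemu unsandboxed if the filter was rejected */
		perror("seccomp(SECCOMP_SET_MODE_FILTER)");
		return EXIT_FAILURE;
	}
	/* … unchanged: connect() wait and execvpe() loop … */
```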